US20120023336A1 - System and method for designing secure client-server communication protocols based on certificateless public key infrastructure - Google Patents
System and method for designing secure client-server communication protocols based on certificateless public key infrastructure Download PDFInfo
- Publication number
- US20120023336A1 US20120023336A1 US12/963,409 US96340910A US2012023336A1 US 20120023336 A1 US20120023336 A1 US 20120023336A1 US 96340910 A US96340910 A US 96340910A US 2012023336 A1 US2012023336 A1 US 2012023336A1
- Authority
- US
- United States
- Prior art keywords
- value
- key
- elliptic curve
- client
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
- H04L9/0841—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
Definitions
- This invention relates to the field of communication.
- this invention relates to the field of cryptography and network security.
- Principal in this specification relates to known systems used for creating and verifying digital signatures such as elliptic curve diffie hellman system, elliptic curve digital signature system, and also to known systems that are used to randomize the message as well as verify the authenticity of the message, such as message randomization system, jacobi identity verification system and the like.
- Digital Signature or ‘Signature’ in this specification relates to a mechanism for determining the authenticity of a message, financial transaction and cases where there is a necessity to detect forgery or tampering.
- Client-server networking is a distributed application architecture that partitions tasks or work loads between service providers (servers) and service requesters (clients). This kind of network communication is not necessarily secure.
- servers service providers
- clients service requesters
- This kind of network communication is not necessarily secure.
- many researchers and organizations incorporate methods such as public key based cryptography, identity based cryptography and the like.
- U.S. Pat. No. 6,477,254 granted to Seiji Miyazaki and Kazuo Takaragi provides a data encryption and decryption method which includes an encryption step and a decryption step.
- the encryption step there are prepared n pairs of secret keys and public keys in a public-key cryptographic scheme, where n is a positive integer.
- a new key is generated in accordance with at least one of the public keys.
- Data is encrypted in a common-key cryptographic scheme by use of the new key.
- a calculation of the threshold logic is conducted by use of the new key and the n public keys, and encrypted data and a result of the calculation of the threshold logic are stored.
- the new key is restored from k secret keys selected from the n secret keys and the stored result of the threshold logic calculation in accordance with a threshold reverse logic corresponding to the threshold logic and stored data is decrypted by the restored key in the common-key cryptographic scheme.
- the focus of the U.S. Pat. No. 6,477,254 is on providing a data encryption and decryption method that includes the steps of data encryption and data decryption respectively.
- the data encryption step further includes ‘n’ pairs of secret keys and public keys and generating a new key using at least two of the generated public keys.
- U.S. Pat. No. 7,673,141 granted to Roger Kilian-Kehr et al provides a system for providing secured access to an application service.
- the system envisaged by the U.S. Pat. No. 7,673,141 includes a challenge provider that uses a first cryptographic technique to provide a challenge to a client seeking access to an application service.
- the client uses a second cryptographic technique to generate a response, and provides the response to an authentication service.
- the authentication service grants the client access to the application service only if the challenge and response are authenticated using a first authentication technique complementary to the first cryptographic technique and a second authentication technique complementary to the second cryptographic technique, respectively.
- United States Patent Application 2008069338 filed by Robert Relyea provides a computer system and a method for verifying a location factor associated with the token (client).
- the token receives an encrypted challenge from a server.
- the encrypted challenge is encrypted by a key commonly shared by the server and the token.
- the token then decrypts the encrypted challenge by the commonly shared key and manipulates the challenge by a predetermined elliptic curve cryptography (ECC) procedure to obtain a manipulated challenge.
- ECC elliptic curve cryptography
- the token returns a signed manipulated challenge and an ECC public key to the server as a reply to the challenge.
- the server receives the signed manipulated challenge and verifies that the signed manipulated challenge was actually generated at the token based upon the ECC public key.
- the client receives an encrypted challenge from the server, the challenge is encrypted using a key that is known to both the client and the server (public key).
- United States Patent Application 2009003597 filed by Alexander Gantman et al provides a method and apparatus with means for use in authentication between two entities having agreed on the use of a common modulus N.
- the method envisaged by US Patent Application No. 2009003597 comprises the steps of, generating a pseudorandom string value from an input value; generating a first public key value based on the modulus N and the pseudorandom string value; generating a first private key value corresponding to the first public key value; receiving a second public key value; and generating a shared secret value based on the modulus N, the first private key value and the second public key value; determining the authentication signature using the shared secret value and transmitting the said authentication signature.
- the system envisaged by the US Patent Application No. 2009003597 makes use of the key generation unit to generate the first public key and the first private key.
- the system further makes use of a receiver unit to receive a second public key value and a secret key generation unit to generate a secret shared key value.
- United States Patent Application 2010211779 filed by Ganapathy S. Sundaram provides a key agreement protocol between a first party and a second party.
- a random key component is generated, encrypted by the first party (server) and sent to the second party (client).
- the random key part is encrypted using the public key of the second party.
- the second party receives the random key component sent from the first party, and in addition to receiving the first random key component the second party generates the second key component.
- the first key component and the second key component are encrypted to form a random encrypted key component pair. So generated random key component pair is encrypted and transmitted from the second party (client) to the first party (server).
- the server or the first party Upon receiving the encrypted random key component pair from the second party, the server or the first party sends an encrypted second random key component to the second party and the key to be used in all the subsequent communication between the client and the server are computed and decided at the first party (server) based on the second random key component.
- the focus of the US Patent Application No. 2010211779 is on providing an identity based encryption scheme.
- U.S. Pat. No. 7,549,044 granted to Lane W. Lee provides a block-level storage device which has been configured to implement a digital rights management (DRM) system.
- DRM digital rights management
- the storage device challenges the host system to prove it has the corresponding private key to establish trust. This trust is established by encrypting a secure session key using the public key.
- the host system uses its private key to recover the secure session key.
- the storage device may store content that has been encrypted according to a content key.
- the storage device may encrypt the content key using the secure session key.
- the focus of the U.S. Pat. No. 7,549,044 is on providing a digital rights management system.
- the secure session key itself is encrypted and subsequently decrypted in order to ensure a secured communication between the storage device and the client.
- Chinese Patent Application 1444168 filed by Zhu Huafei discloses creating an elliptic curve public key certificate based on the probability of asymmetric encryption method.
- the system envisaged by the Chinese Patent Application No. 1444168 further includes making use of the principles of anti-collision hash functions, public key encryption system and public key certificate scheme in order to facilitate secured communication between the client and the server.
- the present invention is dissimilar from the system envisaged by the Chinese Patent Application No. 1444168 in that it provides certificateless public key infrastructure. Even though the Chinese Patent Application discloses making use of elliptic curve cryptography (ECC), the major dissimilarity lies in the fact that the present invention makes use of certificateless public key infrastructure whereas the Chinese Patent Application discloses using a certificate based public key infrastructure.
- ECC elliptic curve cryptography
- a system for facilitating secure client server communication comprising:
- the processing means includes an encryption means adapted to receive said random number and encrypt said random number with the public key using elliptic curve encryption.
- the processing means includes a preprocessing means adapted to receive said random number and process said random number using message randomization.
- the first verification means includes a decryption means adapted to receive said processed value and decrypt said processed value with the private key using elliptic curve encryption.
- the first verification means includes a preprocessing means adapted to receive and verify said processed value using message randomization to detect forgery.
- the first value is selected form the group consisting of pair of public key and private key and Jacobi identity.
- the second value is selected from the group consisting of digitally signed value and lie product.
- the predetermined primitives are selected from the group consisting of curve diffie hellman method, elliptic curve digital signature method and jacobi identity verification system.
- the predetermined primitives are selected from the group consisting of elliptic curve diffie hellman system and elliptic curve digital signature system.
- the method of processing said random number to produce a processed value further includes the step of encrypting said random number with the public key using elliptic curve encryption system.
- the method of processing said random number to produce a processed value further includes the step of processing said random number using primitives selected from the group consisting of bit shuffling, compression, T-function and linear feedback shift registration.
- the method of verifying said processed value further includes the step of decrypting said processed value with the private key using elliptic curve encryption method.
- the method of verifying said processed value further includes the step of verifying said processed value by using message randomization method.
- the method of generating said first value further includes the step of generating a pair of public key and private key;
- the method of generating said first value further includes the step of generating the jacobi identity.
- the method of generating said second value based on said first value further includes the step of generating a digitally signed value.
- the method of generating said second value based on said first value further includes the step of generating a lie product.
- the step of verifying said second value using predetermined primitives further includes the step of verifying said second value using predetermined primitives selected from the group consisting of curve diffie hellman method, elliptic curve digital signature method and jacobi identity verification method.
- the step of receiving transmitted public key and generating a secret key based on predetermined primitives further includes the step of generating said secret key based on predetermined primitives selected from the group consisting of elliptic curve diffie hellman method and elliptic curve digital signature method.
- the step of generating a session key based on said secret key and said predetermined primitives further includes the step of generating a session key using said session key and predetermined primitives selected from the group consisting of elliptic curve diffie hellman method and elliptic curve digital signature method.
- FIG. 1 illustrates a sequence diagram for the first network security protocol, in accordance with the present invention
- FIG. 2 illustrates a sequence diagram for the second network security protocol, in accordance with the present invention.
- FIG. 3 illustrates a sequence diagram for the third network security protocol, in accordance with the present invention.
- PKI certificateless public key Infrastructure
- the system includes at least one server which performs the function of generating keys that is a pair of public key and the private key, allowing the server to act as a Key Generation Center (KGC) and at least one client, forming server client architecture and the required infrastructure of the PKI which includes set of hardware, policies, procedures, and the like needed for communication.
- KGC Key Generation Center
- the certificateless PKI based communication using first network security protocol initially allows server to act as a Key Generation Center (KGC) for distributing public and private keys to clients.
- KGC Key Generation Center
- the steps involved in setting up certificateless PKI based communications using first network security protocol are seen in FIG. 1 .
- the client initiates the communication by sending an introductory message such as “client Hello”.
- the server In return to client message, the server generates a random number (value) of length ‘n’ bits using a random number generator.
- the server further encrypts the generated value using client's public key. No digital certificates are created during the process of encryption of random value.
- the server keeps track of the set of private key and public key assigned to individual clients.
- Elliptic curve encryption method is utilized at the server side for encrypting the value.
- the value that has been encrypted using client's public key is sent to the client.
- the server challenges the client to decrypt the value that contains the number in encrypted form, and prove its identity.
- the client receives the encrypted value and decrypts the encrypted value using its private key.
- the client decrypts the encrypted value using its private key and elliptic curve diffie hellman algorithm and verifies whether the value was sent form a trusted source. By successfully decrypting the encrypted value and recovering the original value the client proves to the server that it is trustworthy.
- the client on completing the step of verification (i.e., decryption of the encrypted value sent by the server) of value sent by the server, generates a pair of public key and private key by making use of elliptic curve cryptography.
- the client creates a signature on the decrypted value using elliptic curve digital signature algorithm and sends the signature to the server
- the server on its part receives the signature sent by the client and verifies the signature using elliptic curve digital signature algorithm.
- the server Soon after verifying the signature sent by the client, the server generates a pair of public key and private key using elliptic curve diffie hellman algorithm and sends the generated public key to the client.
- the client Upon receiving the public key from the server, the client generates a secret key of length ‘m’ bits using elliptic curve diffie hellman algorithm and shares the secret key with the server.
- the server in return generates an ‘m’ bit session key based on elliptic curve diffie hellman algorithm.
- the secret key and the corresponding session key are generated using elliptic curve diffie hellman algorithm.
- Reference numeral 100 of FIG. 1 denotes the step of generation of session key of length ‘m’ bits using elliptic curve diffie hellman algorithm.
- the session key is used for all the subsequent communications and transactions between the server and the client. Since the session key is known only to the server and the client, the communication between the client and the server is entirely secure.
- KGC Key Generation Center
- Client initiates the communication to server by sending a message ‘Client Hello!’
- Second Step Server generates Random challenge or Random value of n-bits using Pseudo Random Number Generator (PRNG). Further, Server encrypts Random value with client's public key using Elliptic Curve Encryption method (ECE). Client decrypts the encrypted random value with its private key using ECE.
- PRNG Pseudo Random Number Generator
- ECE Elliptic Curve Encryption method
- Client generates Public and Private Keys on Elliptic curve by making use of elliptic curve cryptography method.
- the length of the public key and the private key could either be 256 bits or 384 bits or 512 bits as recommended by NIST (National Institute of Standards and Technology).
- Client creates a signature on the value sent by the server using elliptic curve digital signature algorithm and sends the signature to Server.
- Server verifies the signature using elliptic curve digital signature algorithm and subsequently generates a key pair on the elliptic curve. Server sends its public key to Client.
- Client and server negotiate an m-bit shared secret key using ECDH (elliptic curve diffie hellman) algorithm.
- ECDH elliptic curve diffie hellman
- Client and server negotiate Session key of m bits generated using elliptic curve diffie hellman algorithm, for the purpose of Encryption.
- Client and server have a cipher suite.
- the steps involved in setting up certificateless PKI based communications using second network security protocol are seen in FIG. 2 .
- the certificateless PKI based communication using second network security protocol is slightly different from first Network security protocol as there is no initial set up for generating a pair of public and private keys for client and server but client and server have a unique message preprocessing (MP) function which converts the plain text into a random message.
- MP unique message preprocessing
- Bijective mapping is used for the purpose of ensuring that no modification has taken place, when the random value is sent. In case of the random value, the bit sequence representing the particular value will be altered or randomized thereby masking the original value.
- the client initiates the communication by sending an introductory message such as “client Hello”.
- the server In return to client message, the server generates a random number (value) of length ‘n’ bits using a random number generator.
- the server processes the generated random value using the message preprocessing function (message randomization function).
- the message preprocessing function includes performing three operations in sequential manner. The three operations are shuffling, T-Function and LFSR (Linear Feedback Shift Register).
- the process of preprocessing starts with shuffling of bits. Shuffling of bits helps increase the diffusion. Diffusion refers to the property that, the redundancy in the statistics of the input is dissipated in the output.
- the process of shuffling is invertible and the original bit sequence can be easily recovered from the shuffled bit sequence.
- T-Function is followed by the process of T-Function.
- T-function is an update function which updates every bit by a linear combination of the same bit and the less significant bits.
- the process of T-function is followed by the function of LFSR (Linear Feedback Shift Register).
- LFSR Linear Feedback Shift Register
- LFSR is a process that includes using an irreducible polynomial of degree 32 and period 2 32 ⁇ 1. In case of LFSR the given input is shifted with the given polynomial for 4 to 15 cycles.
- the output of bit shuffling, T-Function and LFSR (collectively referred to as preprocessing) is a highly randomized value.
- the server after subjecting the generated value to the preprocessing function sends the preprocessed value and the original value to the client.
- the preprocessed value is a derivative of the original value and the only difference between the preprocessed value and the original value is that, in case of the preprocessed value the bit sequence would be altered.
- the preprocessed value is verified using the functions of shuffling, T-Function and LFSR in the reverse order, i.e., the process of LFSR is followed by T function and bit shuffling.
- the order of conduction of the above mentioned process is reversed in case of preprocessing the value. Since all the three functions are invertible, the order of conduction can be reversed without any data loss and adverse effects.
- the client after performing the above mentioned functions in the reverse order (i.e., LFSR followed by T-Functioning and Bit shuffling) obtains the verified value.
- Client compares the verified value that has been obtained as a result of performing the process of LFSR, T-Functioning and bit shuffling and the original value sent by the server thereby detecting whether the value had been forged.
- the client After verifying the value sent by the server, if the value sent by the server is authentic, the client generates a pair of public key and private key using the elliptic curve diffie-hellman algorithm.
- the client further creates a signature on the value sent by the server using elliptic curve digital signature algorithm and sends the signature along with its public key to the server.
- the server on receiving the signature, verifies the signature sent by the client using elliptic curve digital signature algorithm and subsequently generates a pair of public key and private key using elliptic curve diffie hellman algorithm. Subsequently, the server sends the generated public key to the client.
- the client Upon receiving the public key from the server, the client generates a secret key of length ‘m’ bits using elliptic curve diffie hellman algorithm and shares the secret key with the server.
- the server in return generates an ‘m’ bit session key based on the secret key and elliptic curve diffie hellman algorithm.
- the secret key and the corresponding session key are generated by making use of elliptic curve diffie hellman algorithm.
- Reference numeral 200 of FIG. 2 denotes the step of generation of session key of length ‘m’ bits based on the secret key and elliptic curve diffie hellman algorithm.
- the session key is used for all the subsequent communications and transactions between the server and the client. Since the session key is known only to the server and the client, the communication between the client and the server is entirely secure.
- Client initiates the communication to server by sending a message ‘Client Hello!’
- Second Step Server generates Random challenge or Random Number of n-bits using Pseudo Random Number Generator (PRNG) and computes the message preprocessing of Random Number.
- Client receives the Random Number and MP (Random Number). It verifies MP (Random Number).
- Client generates Public and Private keys on Elliptic curve.
- the length of the private key and the public key could be either 256 bits or 384 bits or 512 bits as recommended by NIST (National Institute of Standards and Technology).
- Client signs the value sent by the server using elliptic curve digital signature algorithm and sends the signature with its public key to Server.
- Server verifies the signature and generates a key pair on the elliptic curve. Server sends its public key to Client.
- Client and Server negotiate an m-bit shared secret key using ECDH (elliptic curve diffie hellman) algorithm.
- ECDH elliptic curve diffie hellman
- Client and Server negotiate a Session key of m bits created using elliptic curve diffie hellman algorithm, for the purpose of Encryption.
- Client and Server have a cipher suite.
- the certificateless PKI (Public Key Infrastructure) based communication using third network security protocol is similar to first Network Security Protocol but the difference can be seen in signature generation.
- Client uses Jacobi identity, a special product on Lie algebras, to authenticate server.
- the client initiates the communication by sending an introductory message such as “client Hello”.
- the server In return to client message, the server generates a random number (value) of length ‘n’ bits using a random number generator.
- the server further encrypts the generated value using client's public key. No digital certificates are created during the process of encryption of random value.
- the server keeps track of the set of private key and public key assigned to individual clients.
- Elliptic curve cryptography method is utilized at the server side for encrypting the value.
- the value that has been encrypted using client's public key is sent to the client.
- the server challenges the client to decrypt the encrypted value and prove its identity.
- the client receives the encrypted value and decrypts the encrypted value using its private key and elliptic curve cryptography method thereby proving to the server that it is a trusted destination.
- the client further computes the jacobi identity on the sent value. That is, the client divides the decrypted value into three parts. The client further generates the lie product on the received value.
- the jacobi identity of the value would be represented by x ⁇ y ⁇ z.
- the server further generates a pair of public key and private key by making use of elliptic curve cryptography.
- Elliptic curve diffie hellman algorithm which forms a part of the elliptic curve cryptography is used for the purpose of generating the pair of public key and private key.
- the client subsequently sends its public key to the client.
- the client Upon receiving the public key from the server, the client generates a secret key of length ‘m’ bits using elliptic curve diffie hellman algorithm and shares the secret key with the server.
- the server in return generates an ‘m’ bit session key using the secret key and elliptic curve diffie hellman algorithm.
- the secret key and the corresponding session key are generated by making use of elliptic curve diffie hellman algorithm.
- Reference numeral 300 of FIG. 3 denotes the step of generation of session key of length ‘m’ bits. For all the subsequent communications and transactions between the server and the client the session key is used. Since the session key is known only to the server and the client, the communication between the client and the server is entirely secure.
- KGC Key Generation Center
- Client initiates the communication to server by sending a message ‘Client Hello!’
- Second Step Server generates Random challenge or Random Number of n-bits using Pseudo Random Number Generator (PRNG). Further, Server encrypts Random Number with client's public key using Elliptic Curve Cryptography method (ECC). Client decrypts the encrypted Random number with its private key using Elliptic Curve Cryptography method.
- PRNG Pseudo Random Number Generator
- ECC Elliptic Curve Cryptography method
- Server sends its public key using ECC (elliptic curve cryptography) to Client.
- Client and server negotiate an m-bit shared secret key using ECDH (elliptic curve diffie hellman) algorithm.
- ECDH elliptic curve diffie hellman
- Client and server negotiate a Session key of m bits that has been generated using elliptic curve diffie hellman algorithm, for the purpose of Encryption.
- Client and server have a cipher suite.
Abstract
A system and method for facilitating secure client server communication using elliptical curve cryptography and certificateless public key infrastructure has been disclosed. The system includes a secret key generation means which generates a secret key of m-bits based on the elliptic curve diffie hellman algorithm. The system further includes a session key generation means which makes use of said secret key and elliptic curve diffie hellman algorithm to generate a session key. The session key is used to facilitate secured communication between the client and the server.
Description
- This application claims priority from Indian Patent Application No. 2849/MUM/2009, filed on Dec. 10, 2009, entitled, “A system and method for designing secure client-server communication protocols based on certificateless public key infrastructure.”
- This invention relates to the field of communication.
- Particularly, this invention relates to the field of cryptography and network security.
- The term ‘Primitives’ in this specification relates to known systems used for creating and verifying digital signatures such as elliptic curve diffie hellman system, elliptic curve digital signature system, and also to known systems that are used to randomize the message as well as verify the authenticity of the message, such as message randomization system, jacobi identity verification system and the like.
- The term ‘Digital Signature’ or ‘Signature’ in this specification relates to a mechanism for determining the authenticity of a message, financial transaction and cases where there is a necessity to detect forgery or tampering.
- These definitions are in addition to those expressed in the art.
- Client-server networking is a distributed application architecture that partitions tasks or work loads between service providers (servers) and service requesters (clients). This kind of network communication is not necessarily secure. In order to have a secure communication in the client-server set up, many researchers and organizations incorporate methods such as public key based cryptography, identity based cryptography and the like.
- A strong password-based Authentication Key Exchange (PAKE) was patented by Bollovin and Merritte in 1993. It is an interactive method for two or more parties to establish cryptographic keys based on one or more party's knowledge of a password. Later, Stanford University patented Secure Remote Protocol (SRP) that was used for a new password authentication and key-exchange mechanism over an untrusted network. Then, Sun Microsystems came up with an implementation of the Elliptic Curve Cryptography (ECC) technology which was well integrated into the Open SSL-Certificate Authority. This code enabled secure TLS/SSL handshakes using the Elliptic curve based cipher suites.
- Other works done in this field:
- U.S. Pat. No. 6,477,254 granted to Seiji Miyazaki and Kazuo Takaragi provides a data encryption and decryption method which includes an encryption step and a decryption step. In the encryption step, there are prepared n pairs of secret keys and public keys in a public-key cryptographic scheme, where n is a positive integer. A new key is generated in accordance with at least one of the public keys. Data is encrypted in a common-key cryptographic scheme by use of the new key. There is prepared a (k, n) threshold logic (k is an integer equal to or less than n) having terms associated with the new key and the n public keys. A calculation of the threshold logic is conducted by use of the new key and the n public keys, and encrypted data and a result of the calculation of the threshold logic are stored. In the decryption step, the new key is restored from k secret keys selected from the n secret keys and the stored result of the threshold logic calculation in accordance with a threshold reverse logic corresponding to the threshold logic and stored data is decrypted by the restored key in the common-key cryptographic scheme. The focus of the U.S. Pat. No. 6,477,254 is on providing a data encryption and decryption method that includes the steps of data encryption and data decryption respectively. The data encryption step further includes ‘n’ pairs of secret keys and public keys and generating a new key using at least two of the generated public keys.
- U.S. Pat. No. 7,673,141 granted to Roger Kilian-Kehr et al provides a system for providing secured access to an application service. The system envisaged by the U.S. Pat. No. 7,673,141 includes a challenge provider that uses a first cryptographic technique to provide a challenge to a client seeking access to an application service. The client uses a second cryptographic technique to generate a response, and provides the response to an authentication service. The authentication service grants the client access to the application service only if the challenge and response are authenticated using a first authentication technique complementary to the first cryptographic technique and a second authentication technique complementary to the second cryptographic technique, respectively.
- United States Patent Application 2008069338 filed by Robert Relyea provides a computer system and a method for verifying a location factor associated with the token (client). The token receives an encrypted challenge from a server. The encrypted challenge is encrypted by a key commonly shared by the server and the token. The token then decrypts the encrypted challenge by the commonly shared key and manipulates the challenge by a predetermined elliptic curve cryptography (ECC) procedure to obtain a manipulated challenge. The token returns a signed manipulated challenge and an ECC public key to the server as a reply to the challenge. The server receives the signed manipulated challenge and verifies that the signed manipulated challenge was actually generated at the token based upon the ECC public key. In case of the US Patent Application No. 2008069338 the client receives an encrypted challenge from the server, the challenge is encrypted using a key that is known to both the client and the server (public key).
- United States Patent Application 2009003597 filed by Alexander Gantman et al provides a method and apparatus with means for use in authentication between two entities having agreed on the use of a common modulus N. The method envisaged by US Patent Application No. 2009003597 comprises the steps of, generating a pseudorandom string value from an input value; generating a first public key value based on the modulus N and the pseudorandom string value; generating a first private key value corresponding to the first public key value; receiving a second public key value; and generating a shared secret value based on the modulus N, the first private key value and the second public key value; determining the authentication signature using the shared secret value and transmitting the said authentication signature. The system envisaged by the US Patent Application No. 2009003597 makes use of the key generation unit to generate the first public key and the first private key. The system further makes use of a receiver unit to receive a second public key value and a secret key generation unit to generate a secret shared key value.
- United States Patent Application 2010211779 filed by Ganapathy S. Sundaram provides a key agreement protocol between a first party and a second party. According to the US Patent Application No. 2010211779, a random key component is generated, encrypted by the first party (server) and sent to the second party (client). The random key part is encrypted using the public key of the second party. Accordingly the second party receives the random key component sent from the first party, and in addition to receiving the first random key component the second party generates the second key component. At the client end (at the second party), the first key component and the second key component are encrypted to form a random encrypted key component pair. So generated random key component pair is encrypted and transmitted from the second party (client) to the first party (server). Upon receiving the encrypted random key component pair from the second party, the server or the first party sends an encrypted second random key component to the second party and the key to be used in all the subsequent communication between the client and the server are computed and decided at the first party (server) based on the second random key component. The focus of the US Patent Application No. 2010211779 is on providing an identity based encryption scheme.
- U.S. Pat. No. 7,549,044 granted to Lane W. Lee provides a block-level storage device which has been configured to implement a digital rights management (DRM) system. In response to receiving a public key from an associated host system, the storage device challenges the host system to prove it has the corresponding private key to establish trust. This trust is established by encrypting a secure session key using the public key. The host system uses its private key to recover the secure session key. The storage device may store content that has been encrypted according to a content key. In addition, the storage device may encrypt the content key using the secure session key. The focus of the U.S. Pat. No. 7,549,044 is on providing a digital rights management system. In case of the system envisaged by the U.S. Pat. No. 7,549,044 the secure session key itself is encrypted and subsequently decrypted in order to ensure a secured communication between the storage device and the client.
- Chinese Patent Application 1444168 filed by Zhu Huafei discloses creating an elliptic curve public key certificate based on the probability of asymmetric encryption method. The system envisaged by the Chinese Patent Application No. 1444168 further includes making use of the principles of anti-collision hash functions, public key encryption system and public key certificate scheme in order to facilitate secured communication between the client and the server. The present invention is dissimilar from the system envisaged by the Chinese Patent Application No. 1444168 in that it provides certificateless public key infrastructure. Even though the Chinese Patent Application discloses making use of elliptic curve cryptography (ECC), the major dissimilarity lies in the fact that the present invention makes use of certificateless public key infrastructure whereas the Chinese Patent Application discloses using a certificate based public key infrastructure.
- The disadvantages associated with the systems proposed by the prior art and related art patent documents are that all of the above approaches are implemented on certificate-based public key cryptography and the identity-based cryptography techniques. These cryptography methods face costly and complex key management problems and the key escrow problem in the real-life deployment. Recently, the certificateless public key cryptography (CL-PKC) was introduced to address these problems, which have not been solved fully. Typically, CL-PKC uses bilinear pairings and inverse operations which would slowdown the performance of the system.
- Hence, there was felt a need for a cost and time effective system which is based on certificateless public key cryptosystem but does not make use of the principle of bilinear pairing.
- It is an object of the present invention to provide a system for securing communication between a client and a server;
- It is another object of the present invention to provide a robust system for securing communication between a client and a server;
- It is yet another object of the present invention to provide a system which is tamper-proof;
- It is still another object of the present invention to provide a lightweight authentication system;
- It is still another object of the present invention to provide a cost effective system which uses certificateless public key cryptography techniques;
- It is still another object of the present invention to provide a time efficient system which implements certificateless public key cryptography techniques without bilinear pairing;
- It is still another object of the present invention to provide a system that is capable of functioning under lower bandwidths;
- It is still another object of the present invention to provide a space efficient system which requires lesser amount of storage space for its operations;
- It is still another object of the present invention to provide a system that provides an instant and secure way of performing online cash transactions;
- It is still another object of the present invention to provide a system that prevents the occurrence of replay and rushing attacks;
- It is still another object of the present invention to provide a system that helps reduce information loss; and
- It is still another object of the present invention to provide a system whose performance will not be compromised even during transmission of large amount of data.
- In accordance with the present invention there is provided a system for facilitating secure client server communication, said system comprising:
-
- a random number generator adapted to generate a random number;
- processing means adapted to receive said random number and produce a processed value;
- first verification means adapted to receive and verify said processed value to detect forgery, said first verification means further adapted to generate a verified value;
- computing means coupled to first verification means, said computing means adapted to generate a first value, said computing means further adapted to generate a second value corresponding to said first value;
- second verification means having predetermined primitives, said second verification means adapted to receive and verify said second value, said second verification means further adapted to generate a public key and corresponding private key;
- secret key generation means having said predetermined primitives, said secret key generation means adapted to receive said public key from said second verification means and generate a secret key; and
- session key generation means having said predetermined primitives, said session key generation means adapted to receive said secret key from said secret key generation means and generate a session key;
said secret key and said session key facilitating secure client server communication.
- Typically, in accordance with this invention, the processing means includes an encryption means adapted to receive said random number and encrypt said random number with the public key using elliptic curve encryption.
- Typically, in accordance with this invention, the processing means includes a preprocessing means adapted to receive said random number and process said random number using message randomization.
- Typically, in accordance with this invention, the first verification means includes a decryption means adapted to receive said processed value and decrypt said processed value with the private key using elliptic curve encryption.
- Typically, in accordance with this invention, the first verification means includes a preprocessing means adapted to receive and verify said processed value using message randomization to detect forgery.
- Typically, in accordance with this invention, the first value is selected form the group consisting of pair of public key and private key and Jacobi identity.
- Typically, in accordance with this invention, the second value is selected from the group consisting of digitally signed value and lie product.
- Typically, in accordance with this invention, the predetermined primitives are selected from the group consisting of curve diffie hellman method, elliptic curve digital signature method and jacobi identity verification system.
- Typically, in accordance with this invention, the predetermined primitives are selected from the group consisting of elliptic curve diffie hellman system and elliptic curve digital signature system.
- In accordance with the present invention there is provided a method for facilitating secure client server communication, said method comprising the steps of:
-
- generating a random number;
- processing said random number to generate a processed value;
- verifying said processed value to detect forgery;
- generating a first value;
- generating a second value corresponding to said first value;
- verifying said second value using predetermined primitives;
- generating a public key and a corresponding private key;
- transmitting said public key and retaining said private key;
- receiving transmitted public key and generating a secret key based on predetermined primitives; and
- generating a session key based on said secret key and said predetermined primitives.
- Typically, in accordance with this invention, the method of processing said random number to produce a processed value further includes the step of encrypting said random number with the public key using elliptic curve encryption system.
- Typically, in accordance with this invention, the method of processing said random number to produce a processed value further includes the step of processing said random number using primitives selected from the group consisting of bit shuffling, compression, T-function and linear feedback shift registration.
- Typically, in accordance with this invention, the method of verifying said processed value further includes the step of decrypting said processed value with the private key using elliptic curve encryption method.
- Typically, in accordance with this invention, the method of verifying said processed value further includes the step of verifying said processed value by using message randomization method.
- Typically, in accordance with this invention, the method of generating said first value further includes the step of generating a pair of public key and private key;
- Typically, in accordance with this invention, the method of generating said first value further includes the step of generating the jacobi identity.
- Typically, in accordance with this invention, the method of generating said second value based on said first value further includes the step of generating a digitally signed value.
- Typically, in accordance with this invention, the method of generating said second value based on said first value further includes the step of generating a lie product.
- Typically, in accordance with this invention, the step of verifying said second value using predetermined primitives, further includes the step of verifying said second value using predetermined primitives selected from the group consisting of curve diffie hellman method, elliptic curve digital signature method and jacobi identity verification method.
- Typically in accordance with this invention, the step of receiving transmitted public key and generating a secret key based on predetermined primitives further includes the step of generating said secret key based on predetermined primitives selected from the group consisting of elliptic curve diffie hellman method and elliptic curve digital signature method.
- Typically in accordance with this invention, the step of generating a session key based on said secret key and said predetermined primitives further includes the step of generating a session key using said session key and predetermined primitives selected from the group consisting of elliptic curve diffie hellman method and elliptic curve digital signature method.
- The invention will now be described with reference to the accompanying drawings, in which:
-
FIG. 1 illustrates a sequence diagram for the first network security protocol, in accordance with the present invention; -
FIG. 2 illustrates a sequence diagram for the second network security protocol, in accordance with the present invention; and -
FIG. 3 illustrates a sequence diagram for the third network security protocol, in accordance with the present invention. - The invention will now be described with reference to the embodiments shown in the accompanying drawings. The embodiments do not limit the scope and ambit of the invention. The description relates purely to the exemplary preferred embodiments of the invention and its suggested application.
- According to this invention, there is envisaged a system and a set of three network security protocols to provide secure communication between client and server using certificateless public key Infrastructure (PKI).
- The system includes at least one server which performs the function of generating keys that is a pair of public key and the private key, allowing the server to act as a Key Generation Center (KGC) and at least one client, forming server client architecture and the required infrastructure of the PKI which includes set of hardware, policies, procedures, and the like needed for communication.
- The certificateless PKI based communication using first network security protocol initially allows server to act as a Key Generation Center (KGC) for distributing public and private keys to clients. The steps involved in setting up certificateless PKI based communications using first network security protocol are seen in
FIG. 1 . - As shown in
FIG. 1 , the client initiates the communication by sending an introductory message such as “client Hello”. In return to client message, the server generates a random number (value) of length ‘n’ bits using a random number generator. The server further encrypts the generated value using client's public key. No digital certificates are created during the process of encryption of random value. The server keeps track of the set of private key and public key assigned to individual clients. Elliptic curve encryption method is utilized at the server side for encrypting the value. The value that has been encrypted using client's public key is sent to the client. The server challenges the client to decrypt the value that contains the number in encrypted form, and prove its identity. The client receives the encrypted value and decrypts the encrypted value using its private key. The client decrypts the encrypted value using its private key and elliptic curve diffie hellman algorithm and verifies whether the value was sent form a trusted source. By successfully decrypting the encrypted value and recovering the original value the client proves to the server that it is trustworthy. The client, on completing the step of verification (i.e., decryption of the encrypted value sent by the server) of value sent by the server, generates a pair of public key and private key by making use of elliptic curve cryptography. - The client creates a signature on the decrypted value using elliptic curve digital signature algorithm and sends the signature to the server, the server on its part receives the signature sent by the client and verifies the signature using elliptic curve digital signature algorithm. Soon after verifying the signature sent by the client, the server generates a pair of public key and private key using elliptic curve diffie hellman algorithm and sends the generated public key to the client.
- Upon receiving the public key from the server, the client generates a secret key of length ‘m’ bits using elliptic curve diffie hellman algorithm and shares the secret key with the server. The server in return generates an ‘m’ bit session key based on elliptic curve diffie hellman algorithm. The secret key and the corresponding session key are generated using elliptic curve diffie hellman algorithm.
Reference numeral 100 ofFIG. 1 denotes the step of generation of session key of length ‘m’ bits using elliptic curve diffie hellman algorithm. For all the subsequent communications and transactions between the server and the client, the session key is used. Since the session key is known only to the server and the client, the communication between the client and the server is entirely secure. - The steps involved in the method for facilitating a secure communication between the server and the client using first network security protocol are given below.
- Initial set up: Every client has a pair of Public and Private keys generated by the server which acts as a Key Generation Center (KGC).
- First Step: Client initiates the communication to server by sending a message ‘Client Hello!’
- Second Step: Server generates Random challenge or Random value of n-bits using Pseudo Random Number Generator (PRNG). Further, Server encrypts Random value with client's public key using Elliptic Curve Encryption method (ECE). Client decrypts the encrypted random value with its private key using ECE.
- Third Step: Client generates Public and Private Keys on Elliptic curve by making use of elliptic curve cryptography method. The length of the public key and the private key could either be 256 bits or 384 bits or 512 bits as recommended by NIST (National Institute of Standards and Technology). Client creates a signature on the value sent by the server using elliptic curve digital signature algorithm and sends the signature to Server.
- Fourth Step: Server verifies the signature using elliptic curve digital signature algorithm and subsequently generates a key pair on the elliptic curve. Server sends its public key to Client.
- Fifth Step: Client and server negotiate an m-bit shared secret key using ECDH (elliptic curve diffie hellman) algorithm.
- Sixth Step: Client and server negotiate Session key of m bits generated using elliptic curve diffie hellman algorithm, for the purpose of Encryption. Client and server have a cipher suite.
- Seventh Step: A secure communication is established between Client and Server.
- In the above protocol, an attacker cannot guess a random challenge or random value generated in the protocol, as it is transmitted in an encrypted form and hence the replay and rushing attacks are prevented.
- The steps involved in setting up certificateless PKI based communications using second network security protocol are seen in
FIG. 2 . The certificateless PKI based communication using second network security protocol is slightly different from first Network security protocol as there is no initial set up for generating a pair of public and private keys for client and server but client and server have a unique message preprocessing (MP) function which converts the plain text into a random message. Bijective mapping is used for the purpose of ensuring that no modification has taken place, when the random value is sent. In case of the random value, the bit sequence representing the particular value will be altered or randomized thereby masking the original value. - As shown in
FIG. 2 , the client initiates the communication by sending an introductory message such as “client Hello”. In return to client message, the server generates a random number (value) of length ‘n’ bits using a random number generator. The server processes the generated random value using the message preprocessing function (message randomization function). The message preprocessing function includes performing three operations in sequential manner. The three operations are shuffling, T-Function and LFSR (Linear Feedback Shift Register). The process of preprocessing starts with shuffling of bits. Shuffling of bits helps increase the diffusion. Diffusion refers to the property that, the redundancy in the statistics of the input is dissipated in the output. The process of shuffling is invertible and the original bit sequence can be easily recovered from the shuffled bit sequence. - The process of bit shuffling is followed by the process of T-Function. T-function is an update function which updates every bit by a linear combination of the same bit and the less significant bits. The process of T-function is followed by the function of LFSR (Linear Feedback Shift Register). LFSR is a process that includes using an irreducible polynomial of degree 32 and period 232−1. In case of LFSR the given input is shifted with the given polynomial for 4 to 15 cycles. The output of bit shuffling, T-Function and LFSR (collectively referred to as preprocessing) is a highly randomized value.
- The server after subjecting the generated value to the preprocessing function sends the preprocessed value and the original value to the client. The preprocessed value is a derivative of the original value and the only difference between the preprocessed value and the original value is that, in case of the preprocessed value the bit sequence would be altered. At the client end, the preprocessed value is verified using the functions of shuffling, T-Function and LFSR in the reverse order, i.e., the process of LFSR is followed by T function and bit shuffling. The order of conduction of the above mentioned process is reversed in case of preprocessing the value. Since all the three functions are invertible, the order of conduction can be reversed without any data loss and adverse effects. The client after performing the above mentioned functions in the reverse order (i.e., LFSR followed by T-Functioning and Bit shuffling) obtains the verified value. Client compares the verified value that has been obtained as a result of performing the process of LFSR, T-Functioning and bit shuffling and the original value sent by the server thereby detecting whether the value had been forged. After verifying the value sent by the server, if the value sent by the server is authentic, the client generates a pair of public key and private key using the elliptic curve diffie-hellman algorithm. The client further creates a signature on the value sent by the server using elliptic curve digital signature algorithm and sends the signature along with its public key to the server. The server on receiving the signature, verifies the signature sent by the client using elliptic curve digital signature algorithm and subsequently generates a pair of public key and private key using elliptic curve diffie hellman algorithm. Subsequently, the server sends the generated public key to the client.
- Upon receiving the public key from the server, the client generates a secret key of length ‘m’ bits using elliptic curve diffie hellman algorithm and shares the secret key with the server. The server in return generates an ‘m’ bit session key based on the secret key and elliptic curve diffie hellman algorithm. The secret key and the corresponding session key are generated by making use of elliptic curve diffie hellman algorithm.
Reference numeral 200 ofFIG. 2 denotes the step of generation of session key of length ‘m’ bits based on the secret key and elliptic curve diffie hellman algorithm. For all the subsequent communications and transactions between the server and the client, the session key is used. Since the session key is known only to the server and the client, the communication between the client and the server is entirely secure. - The steps involved in the method for facilitating a secure communication between the server and the client using the second network security protocol are given below.
- First Step: Client initiates the communication to server by sending a message ‘Client Hello!’
- Second Step: Server generates Random challenge or Random Number of n-bits using Pseudo Random Number Generator (PRNG) and computes the message preprocessing of Random Number. Client receives the Random Number and MP (Random Number). It verifies MP (Random Number).
- Third Step: Client generates Public and Private keys on Elliptic curve. The length of the private key and the public key could be either 256 bits or 384 bits or 512 bits as recommended by NIST (National Institute of Standards and Technology). Client signs the value sent by the server using elliptic curve digital signature algorithm and sends the signature with its public key to Server.
- Fourth Step: Server verifies the signature and generates a key pair on the elliptic curve. Server sends its public key to Client.
- Fifth Step: Client and Server negotiate an m-bit shared secret key using ECDH (elliptic curve diffie hellman) algorithm.
- Sixth Step: Client and Server negotiate a Session key of m bits created using elliptic curve diffie hellman algorithm, for the purpose of Encryption. Client and Server have a cipher suite.
- Seventh Step: A secure communication is established between Client and Server.
- In the above protocol, replay and rushing attacks are prevented as Random Number is sent in plain with MP (Random Number) and it is interesting to see the notion of bijective property in MP, that an attacker can change the Random Number, but MP (Random Number) cannot be changed.
- The certificateless PKI (Public Key Infrastructure) based communication using third network security protocol is similar to first Network Security Protocol but the difference can be seen in signature generation. Client uses Jacobi identity, a special product on Lie algebras, to authenticate server. The Jacobi identity works on a random challenge RC=x∥y∥z and follows the relationship [[x, y], z]+[[y, z], x]+[[z, x], y]=0.
- The steps involved in setting up certificateless PKI based communications using third network security protocol are seen in
FIG. 3 . - As shown in
FIG. 3 , the client initiates the communication by sending an introductory message such as “client Hello”. In return to client message, the server generates a random number (value) of length ‘n’ bits using a random number generator. The server further encrypts the generated value using client's public key. No digital certificates are created during the process of encryption of random value. The server keeps track of the set of private key and public key assigned to individual clients. Elliptic curve cryptography method is utilized at the server side for encrypting the value. The value that has been encrypted using client's public key is sent to the client. The server challenges the client to decrypt the encrypted value and prove its identity. The client receives the encrypted value and decrypts the encrypted value using its private key and elliptic curve cryptography method thereby proving to the server that it is a trusted destination. - The client further computes the jacobi identity on the sent value. That is, the client divides the decrypted value into three parts. The client further generates the lie product on the received value.
- In accordance with the invention, if the value is divided into three parts namely x, y and z then the jacobi identity of the value would be represented by x∥y∥z. The jacobi identity of the random number is verified by using the relationship [[x, y], z]+[[y, z], x]+[[z, x],y]=0.
- In accordance with the invention, when the client generates and sends the lie product of the value to the server, the server verifies the lie product sent by the client using the relationship [[x, y], z]+[[y, z], x]+[[z, x],x]=0. After verifying the authenticity of the lie product sent by the client, the server further generates a pair of public key and private key by making use of elliptic curve cryptography. Elliptic curve diffie hellman algorithm which forms a part of the elliptic curve cryptography is used for the purpose of generating the pair of public key and private key. The client subsequently sends its public key to the client. Upon receiving the public key from the server, the client generates a secret key of length ‘m’ bits using elliptic curve diffie hellman algorithm and shares the secret key with the server. The server in return generates an ‘m’ bit session key using the secret key and elliptic curve diffie hellman algorithm. The secret key and the corresponding session key are generated by making use of elliptic curve diffie hellman algorithm.
Reference numeral 300 ofFIG. 3 denotes the step of generation of session key of length ‘m’ bits. For all the subsequent communications and transactions between the server and the client the session key is used. Since the session key is known only to the server and the client, the communication between the client and the server is entirely secure. - The steps involved in the method for facilitating a secure communication between the server and the client using the third network security protocol are given below.
- Initial set up: Every client has a pair of Public and Private keys generated by the server which acts as a Key Generation Center (KGC).
- First Step: Client initiates the communication to server by sending a message ‘Client Hello!’
- Second Step: Server generates Random challenge or Random Number of n-bits using Pseudo Random Number Generator (PRNG). Further, Server encrypts Random Number with client's public key using Elliptic Curve Cryptography method (ECC). Client decrypts the encrypted Random number with its private key using Elliptic Curve Cryptography method.
- Third Step: Client computes Jacobi identity on Random Number=x∥y∥z and sends the Lie product [[x, y], z] to server.
- Fourth Step: Server verifies the relationship [[x, y], z]+[[y, z], x]+[[z, x], y]=0. Server sends its public key using ECC (elliptic curve cryptography) to Client.
- Fifth Step: Client and server negotiate an m-bit shared secret key using ECDH (elliptic curve diffie hellman) algorithm.
- Sixth Step: Client and server negotiate a Session key of m bits that has been generated using elliptic curve diffie hellman algorithm, for the purpose of Encryption. Client and server have a cipher suite.
- Seventh Step: A secure communication is established between Client and Server.
- The technical advancements of the present invention are as follows:
-
- The present invention provides a robust system for secured communication between a client and a server.
- Present invention provides a system which is tamper-proof
- Present invention provides a lightweight authentication system.
- Present invention provides a cost effective system which uses certificateless public key cryptography techniques.
- Present invention provides a time efficient system which implements certificateless public key cryptography techniques without bilinear pairing.
- Present invention provides a set of protocols using which, the replay and rushing attacks could be prevented.
- Present invention provides a set of protocols which could be operated even with lower bandwidths.
- Present invention provides a set of protocols that reduce the probability of loss of information by employing analytically strong functions.
- Present invention provides a set of protocols that would allow the users to carry out secure online cash transactions.
- Present invention provides a set of protocols whose performance will not be adversely affected due to the presence of larger amounts of transferable data.
- The present invention is useful in applications in client-server set up over TLS (Transport Security Layer) and UDP (User Datagram Protocol) communications, smart phones, mobile banking, location based systems, set-top box units, access control systems, remote control systems, personal digital assistants, wireless devices, alarm systems, mesh topology networks, mobile payment system, key less go systems, mobile communications and the like.
- While considerable emphasis has been placed herein on the particular features of this invention, it will be appreciated that various modifications can be made, and that many changes can be made in the preferred embodiment without departing from the principles of the invention. These and other modifications in the nature of the invention or the preferred embodiments will be apparent to those skilled in the art from the disclosure herein, whereby it is to be distinctly understood that the foregoing descriptive matter is to be interpreted merely as illustrative of the invention and not as a limitation.
Claims (15)
1. A system for facilitating secure client server communication, said system comprising:
a random number generator adapted to generate a random number;
processing means adapted to receive said random number and produce a processed value;
first verification means adapted to receive and verify said processed value to detect forgery, said first verification means further adapted to generate a verified value;
computing means coupled to first verification means, said computing means adapted to generate a first value, said computing means further adapted to generate a second value corresponding to said first value;
second verification means having predetermined primitives, said second verification means adapted to receive and verify said second value, said second verification means further adapted to generate a public key and corresponding private key;
secret key generation means having said predetermined primitives, said secret key generation means adapted to receive said public key from said second verification means and generate a secret key; and
session key generation means having said predetermined primitives, said session key generation means adapted to receive said secret key from said secret key generation means and generate a session key corresponding to said secret key;
said secret key and said session key facilitating secure client server communication.
2. The system as claimed in claim 1 , wherein said processing means includes an encryption means adapted to receive said random number and encrypt said random number with the public key using elliptic curve encryption.
3. The system as claimed in claim 1 , wherein said processing means includes a preprocessing means adapted to receive said random number and preprocess said random number to produce said processed value.
4. The system as claimed in claim 1 , wherein said first verification means includes a decryption means adapted to receive said processed value and decrypt said processed value with the private key using elliptic curve encryption.
5. The system as claimed in claim 1 , wherein said first verification means includes a preprocessing means adapted to receive and verify said processed value to detect forgery.
6. The system as claimed in claim 1 , wherein said first value is selected from the group consisting of jacobi identity and pair of public key and private key.
7. The system as claimed in claim 1 , wherein said second value is selected from the group consisting of digitally signed value and lie product.
8. The system as claimed in claim 1 , wherein said predetermined primitives are selected from the group consisting of elliptic curve diffie hellman system, elliptic curve digital signature system, message randomization system and jacobi identity verification system.
9. A method for facilitating secure client server communication, said method comprising the steps of:
generating a random number;
processing said random number to generate a processed value;
verifying said processed value to detect forgery;
generating a first value;
generating a second value corresponding to said first value;
verifying said second value using predetermined primitives;
generating a public key and a corresponding private key;
transmitting said public key and retaining said private key;
receiving said transmitted public key and generating a secret key based on predetermined primitives; and
generating a session key based on said secret key and said predetermined primitives.
10. The method as claimed in claim 9 , wherein the step of processing said random number to produce a processed value further includes processing said random number using primitives selected from the group consisting of elliptic curve diffie hellman method, elliptic curve digital signature method and message randomization method.
11. The method as claimed in claim 9 , wherein the step of verifying said processed value to detect forgery further includes verifying said processed value using primitives selected from the group consisting of elliptic curve diffie hellman method, elliptic curve digital signature method and message randomization method.
12. The method as claimed in claim 9 , wherein the step of generating said first value further includes generating a value selected from the group consisting of pair of public key and private key and jacobi identity;
13. The method as claimed in claim 9 , wherein the step of generating said second value corresponding to said first value further includes generating a value selected from the group consisting of digitally signed value and lie product.
14. The method as claimed in claim 9 , wherein the step of generating a secret key further includes generating said secret key based on primitives selected from the group consisting of elliptic curve diffie hellman method and elliptic curve digital signature method.
15. The method as claimed in claim 9 , wherein the step of generating a session key based on said secret key and predetermined primitives further includes generating said session key based on primitives selected from the group consisting of elliptic curve diffie hellman method and elliptic curve digital signature method.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
IN2849MU2009 | 2009-12-10 | ||
IN2849/MUM/2009 | 2009-12-10 |
Publications (2)
Publication Number | Publication Date |
---|---|
US20120023336A1 true US20120023336A1 (en) | 2012-01-26 |
US8670563B2 US8670563B2 (en) | 2014-03-11 |
Family
ID=43797795
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/963,409 Active 2031-07-31 US8670563B2 (en) | 2009-12-10 | 2010-12-08 | System and method for designing secure client-server communication protocols based on certificateless public key infrastructure |
Country Status (5)
Country | Link |
---|---|
US (1) | US8670563B2 (en) |
EP (1) | EP2334008A1 (en) |
JP (3) | JP2011125020A (en) |
CN (1) | CN102098157B (en) |
HK (1) | HK1159349A1 (en) |
Cited By (32)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20120224695A1 (en) * | 2011-03-03 | 2012-09-06 | Kabushiki Kaisha Toshiba | Communicating device and communicating method |
US20130073850A1 (en) * | 2011-09-16 | 2013-03-21 | Certicom Corp. | Hybrid encryption schemes |
US8745394B1 (en) | 2013-08-22 | 2014-06-03 | Citibank, N.A. | Methods and systems for secure electronic communication |
US20140281525A1 (en) * | 2013-03-15 | 2014-09-18 | Microsoft Corporation | Minimal disclosure credential verification and revocation |
CN104378374A (en) * | 2014-11-14 | 2015-02-25 | 国家超级计算深圳中心(深圳云计算中心) | SSL-based method and system for establishing communication |
US20150180653A1 (en) * | 2013-09-10 | 2015-06-25 | John A. Nix | Module for "Machine-to-Machine" Communications using Public Key Infrastructure |
US20150319164A1 (en) * | 2012-03-01 | 2015-11-05 | Certicom Corp. | System and method for connecting client devices to a network |
US9351162B2 (en) | 2013-11-19 | 2016-05-24 | M2M And Iot Technologies, Llc | Network supporting two-factor authentication for modules with embedded universal integrated circuit cards |
WO2017014614A1 (en) * | 2015-07-23 | 2017-01-26 | 주식회사 투아이피 | Method for operating communication client of iot device, and iot device including communication client |
CN106385593A (en) * | 2016-09-14 | 2017-02-08 | 武汉斗鱼网络科技有限公司 | Method and system for counting number of persons watching live broadcast simultaneously based on elliptical curve algorithm |
US9635003B1 (en) * | 2015-04-21 | 2017-04-25 | The United States Of America As Represented By The Director, National Security Agency | Method of validating a private-public key pair |
CN109074759A (en) * | 2016-05-03 | 2018-12-21 | 塞帝通公司 | The method and system of static DIFFIE-HELLMAN safety for Cheon resistance |
WO2019074921A1 (en) * | 2017-10-09 | 2019-04-18 | Data Republic Pty Ltd | System and method to protect sensitive information via distributed trust |
US10484376B1 (en) | 2015-01-26 | 2019-11-19 | Winklevoss Ip, Llc | Authenticating a user device associated with a user to communicate via a wireless network in a secure web-based environment |
US10498530B2 (en) | 2013-09-27 | 2019-12-03 | Network-1 Technologies, Inc. | Secure PKI communications for “machine-to-machine” modules, including key derivation by modules and authenticating public keys |
CN110768938A (en) * | 2018-07-27 | 2020-02-07 | 上海汽车集团股份有限公司 | Vehicle safety communication method and device |
US10700856B2 (en) | 2013-11-19 | 2020-06-30 | Network-1 Technologies, Inc. | Key derivation for a module using an embedded universal integrated circuit card |
CN111600704A (en) * | 2020-05-12 | 2020-08-28 | 北京海益同展信息科技有限公司 | SM 2-based key exchange method, system, electronic device and storage medium |
CN111931249A (en) * | 2020-09-22 | 2020-11-13 | 西南石油大学 | Medical secret data statistical analysis method supporting transmission fault-tolerant mechanism |
CN112003698A (en) * | 2020-09-07 | 2020-11-27 | 北京三未信安科技发展有限公司 | SM9 collaborative digital signature method and system |
CN113079508A (en) * | 2021-04-06 | 2021-07-06 | 中国工商银行股份有限公司 | Data transmission method, device and equipment based on block chain network |
US11070367B2 (en) * | 2017-02-15 | 2021-07-20 | Koninklijke Philips N.V. | Key exchange devices and methods |
US11093213B1 (en) * | 2010-12-29 | 2021-08-17 | Ternarylogic Llc | Cryptographic computer machines with novel switching devices |
CN113572603A (en) * | 2021-07-21 | 2021-10-29 | 淮阴工学院 | Heterogeneous user authentication and key agreement method |
CN114070550A (en) * | 2020-07-31 | 2022-02-18 | 马上消费金融股份有限公司 | Information processing method, device, equipment and storage medium |
CN114124423A (en) * | 2020-08-31 | 2022-03-01 | Oppo广东移动通信有限公司 | Authentication method, client, server and storage medium |
US11336425B1 (en) * | 2010-06-01 | 2022-05-17 | Ternarylogic Llc | Cryptographic machines characterized by a Finite Lab-Transform (FLT) |
CN114785528A (en) * | 2022-06-20 | 2022-07-22 | 深圳市乐凡信息科技有限公司 | Data transmission encryption method, system, equipment and storage medium |
US11438176B2 (en) * | 2018-11-20 | 2022-09-06 | lOT AND M2M TECHNOLOGIES, LLC | Mutually authenticated ECDHE key exchange for a device and a network using multiple PKI key pairs |
US20230125560A1 (en) * | 2015-12-20 | 2023-04-27 | Peter Lablans | Cryptographic Computer Machines with Novel Switching Devices |
US20230231712A1 (en) * | 2022-01-14 | 2023-07-20 | Micron Technology, Inc. | Embedded tls protocol for lightweight devices |
US11757864B1 (en) * | 2013-03-12 | 2023-09-12 | Cable Television Laboratories, Inc. | Certificate authentication |
Families Citing this family (35)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102201920B (en) * | 2011-07-12 | 2013-06-12 | 北京中兴通数码科技有限公司 | Method for constructing certificateless public key cryptography |
EP2566098A1 (en) * | 2011-08-29 | 2013-03-06 | Thomson Licensing | Signcryption method and device and corresponding signcryption verification method and device |
CN104094267B (en) * | 2011-12-15 | 2020-04-07 | 英特尔公司 | Method, apparatus and system for secure sharing of media content from a source device |
WO2013116916A1 (en) * | 2012-02-09 | 2013-08-15 | Irdeto Canada Corporation | System and method for generating and protecting cryptographic keys |
CN103024743B (en) * | 2012-12-17 | 2016-05-25 | 北京航空航天大学 | The credible and secure cut-in method of a kind of WLAN |
CN103475473B (en) * | 2013-08-26 | 2016-10-05 | 数安时代科技股份有限公司 | Crypto-operation method and server in digital signature method and equipment, digital signature |
EP3074906B1 (en) * | 2013-11-26 | 2020-11-11 | Intel Corporation | Techniques for extending communications chain of trust to client applications |
CN104954327B (en) * | 2014-03-27 | 2019-02-22 | 东华软件股份公司 | Server and method, terminal and method and system for terminal connection control |
US11399019B2 (en) | 2014-10-24 | 2022-07-26 | Netflix, Inc. | Failure recovery mechanism to re-establish secured communications |
US11533297B2 (en) | 2014-10-24 | 2022-12-20 | Netflix, Inc. | Secure communication channel with token renewal mechanism |
US10050955B2 (en) * | 2014-10-24 | 2018-08-14 | Netflix, Inc. | Efficient start-up for secured connections and related services |
CN104811302B (en) * | 2015-05-15 | 2016-08-17 | 陕西师范大学 | Mix based on the elliptic curve without certificate and sign decryption method |
US9843449B2 (en) * | 2015-06-09 | 2017-12-12 | Dresser, Inc. | Secure device communication |
CN105187205B (en) * | 2015-08-05 | 2018-05-15 | 北京航空航天大学 | The authentication key agreement method and negotiating system based on level identity base without certificate |
CN107040367B (en) * | 2016-02-04 | 2020-11-20 | 宁波巨博信息科技有限公司 | Method, device and system for session key negotiation |
GB2547039A (en) * | 2016-02-05 | 2017-08-09 | Vodafone Ip Licensing Ltd | Secured service provisioning |
WO2017187207A1 (en) * | 2016-04-29 | 2017-11-02 | Privitar Limited | Computer-implemented privacy engineering system and method |
JP6834400B2 (en) | 2016-11-22 | 2021-02-24 | ソニー株式会社 | Image sensor, stacked image sensor, image sensor and electronic device |
CN107248909B (en) * | 2017-03-16 | 2020-07-03 | 北京百旺信安科技有限公司 | Certificateless secure signature method based on SM2 algorithm |
CN108289026B (en) * | 2017-12-22 | 2020-07-31 | 北京邮电大学 | Identity authentication method in satellite network and related equipment |
CN110868285B (en) * | 2018-08-28 | 2023-05-19 | 中国电信股份有限公司 | Authentication method, server, system, and computer-readable storage medium |
CN109257181B (en) * | 2018-10-17 | 2019-10-29 | 西安邮电大学 | Without the blind label decryption method of elliptic curve under certificate environment |
CN109274502B (en) * | 2018-11-02 | 2021-11-23 | 克洛斯比尔有限公司 | Method and device for creating public key encryption and key signature and readable storage medium |
CN109687957A (en) * | 2018-12-26 | 2019-04-26 | 无锡泛太科技有限公司 | A kind of RFID authentication method of the public-key cryptography scheme based on ellipse-hyperbolic |
CN110113155B (en) * | 2019-04-28 | 2020-10-23 | 电子科技大学 | High-efficiency certificateless public key encryption method |
WO2020227920A1 (en) * | 2019-05-14 | 2020-11-19 | Daolicloud Information Technology (Beijing) Co., Ltd. | Trustlessly agreeable distributed consensus authentication for identity as a public key |
KR102241389B1 (en) * | 2019-09-23 | 2021-04-16 | 주식회사 케이씨에스 | Encryption Device for Cryptographic Authentication of High Speed and Driving Method Thereof |
US11314876B2 (en) | 2020-05-28 | 2022-04-26 | Bank Of America Corporation | System and method for managing built-in security for content distribution |
CN112448806A (en) * | 2020-09-29 | 2021-03-05 | 尚承科技股份有限公司 | Electronic information safety transmission system and method |
KR102328896B1 (en) * | 2020-11-10 | 2021-11-22 | 주식회사 아톰릭스랩 | Crypto Key distribution and recovery method for 3rd party managed system |
KR102329580B1 (en) * | 2020-11-10 | 2021-11-23 | 주식회사 아톰릭스랩 | Crypto Key distribution and recovery method for multiple 3rd parties managed systems |
CN112600668A (en) * | 2020-12-15 | 2021-04-02 | 上海银基信息安全技术股份有限公司 | Key agreement method, device, electronic equipment and storage medium |
CN113347009B (en) * | 2021-08-05 | 2022-01-07 | 成都飞机工业(集团)有限责任公司 | Certificateless threshold signcryption method based on elliptic curve cryptosystem |
CN113806771A (en) * | 2021-09-01 | 2021-12-17 | 上海兆芯集成电路有限公司 | Processor with elliptic curve cryptographic algorithm and processing method thereof |
CN114095214B (en) * | 2021-10-29 | 2023-12-12 | 上海热线信息网络有限公司 | Encryption and decryption method, device, equipment and medium based on block chain NFT technology |
Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6169803B1 (en) * | 1997-01-24 | 2001-01-02 | Nec Corporation | Encryption key processing system to be incorporated into data recovery system or key setting system for generating encryption key |
US7123721B2 (en) * | 1998-12-04 | 2006-10-17 | Certicom Corp. | Enhanced subscriber authentication protocol |
US20070033403A1 (en) * | 2005-07-21 | 2007-02-08 | Microsoft Corporation | Extended authenticated key exchange |
US20070043946A1 (en) * | 2005-08-18 | 2007-02-22 | Microsoft Corporation | Key confirmed authenticated key exchange with derived ephemeral keys |
US7664259B2 (en) * | 2006-03-09 | 2010-02-16 | Motorola, Inc. | Encryption and verification using partial public key |
US7680260B2 (en) * | 2005-05-03 | 2010-03-16 | Avaya Inc. | Detecting a voice mail system answering a call |
US20100153728A1 (en) * | 2008-12-16 | 2010-06-17 | Certicom Corp. | Acceleration of key agreement protocols |
US20100211779A1 (en) * | 2009-02-17 | 2010-08-19 | Sundaram Ganapathy S | Identity Based Authenticated Key Agreement Protocol |
US20100306525A1 (en) * | 2009-05-28 | 2010-12-02 | Microsoft Corporation | Efficient distribution of computation in key agreement |
US20110055567A1 (en) * | 2009-08-28 | 2011-03-03 | Sundaram Ganapathy S | Secure Key Management in Multimedia Communication System |
US7961873B2 (en) * | 2004-03-03 | 2011-06-14 | King Fahd University Of Petroleum And Minerals | Password protocols using XZ-elliptic curve cryptography |
US8074265B2 (en) * | 2006-08-31 | 2011-12-06 | Red Hat, Inc. | Methods and systems for verifying a location factor associated with a token |
Family Cites Families (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE69917356T2 (en) | 1998-02-13 | 2005-02-17 | Hitachi, Ltd. | Security technology on a computer network |
JPH11234259A (en) * | 1998-02-13 | 1999-08-27 | Hitachi Ltd | Other party authentication and key delivery method, device using the method, cryptography communication method and system therefor |
JP2001236321A (en) * | 2000-02-23 | 2001-08-31 | Ntt Comware Corp | System and method for authentication and recording medium with recorded program therefor |
CN1444168A (en) | 2003-04-23 | 2003-09-24 | 浙江大学 | Probability type asymmetric encipherment method based on public key certificate on ellipse curve |
JP4464187B2 (en) * | 2003-05-07 | 2010-05-19 | パナソニック株式会社 | Transmission / reception system |
JP4706165B2 (en) * | 2003-05-26 | 2011-06-22 | 日本電気株式会社 | Account management system, account management method, and account management program |
US7549044B2 (en) | 2003-10-28 | 2009-06-16 | Dphi Acquisitions, Inc. | Block-level storage device with content security |
EP1601154A1 (en) | 2004-05-28 | 2005-11-30 | Sap Ag | Client authentication using a challenge provider |
US7747865B2 (en) * | 2005-02-10 | 2010-06-29 | International Business Machines Corporation | Method and structure for challenge-response signatures and high-performance secure Diffie-Hellman protocols |
EP1851902A1 (en) | 2005-02-25 | 2007-11-07 | QUALCOMM Incorporated | Small public-key based digital signatures for authentication |
JP4706317B2 (en) * | 2005-04-19 | 2011-06-22 | ソニー株式会社 | COMMUNICATION SYSTEM, COMMUNICATION METHOD, AND COMMUNICATION TERMINAL |
JP4970178B2 (en) * | 2007-07-20 | 2012-07-04 | 株式会社東芝 | Face-to-face business system, face-to-face control server device, and program |
US8086860B2 (en) * | 2007-10-01 | 2011-12-27 | Tata Consultancy Services Limited | Method for preventing and detecting hash collisions of data during the data transmission |
-
2010
- 2010-12-07 EP EP10193957.7A patent/EP2334008A1/en not_active Ceased
- 2010-12-08 US US12/963,409 patent/US8670563B2/en active Active
- 2010-12-10 JP JP2010275385A patent/JP2011125020A/en active Pending
- 2010-12-10 CN CN201010589090.4A patent/CN102098157B/en active Active
-
2011
- 2011-12-12 HK HK11113388.0A patent/HK1159349A1/en unknown
-
2015
- 2015-10-22 JP JP2015207711A patent/JP2016036166A/en active Pending
-
2016
- 2016-10-07 JP JP2016199248A patent/JP2017063432A/en active Pending
Patent Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6169803B1 (en) * | 1997-01-24 | 2001-01-02 | Nec Corporation | Encryption key processing system to be incorporated into data recovery system or key setting system for generating encryption key |
US7123721B2 (en) * | 1998-12-04 | 2006-10-17 | Certicom Corp. | Enhanced subscriber authentication protocol |
US7961873B2 (en) * | 2004-03-03 | 2011-06-14 | King Fahd University Of Petroleum And Minerals | Password protocols using XZ-elliptic curve cryptography |
US7680260B2 (en) * | 2005-05-03 | 2010-03-16 | Avaya Inc. | Detecting a voice mail system answering a call |
US20070033403A1 (en) * | 2005-07-21 | 2007-02-08 | Microsoft Corporation | Extended authenticated key exchange |
US20070043946A1 (en) * | 2005-08-18 | 2007-02-22 | Microsoft Corporation | Key confirmed authenticated key exchange with derived ephemeral keys |
US7664259B2 (en) * | 2006-03-09 | 2010-02-16 | Motorola, Inc. | Encryption and verification using partial public key |
US8074265B2 (en) * | 2006-08-31 | 2011-12-06 | Red Hat, Inc. | Methods and systems for verifying a location factor associated with a token |
US20100153728A1 (en) * | 2008-12-16 | 2010-06-17 | Certicom Corp. | Acceleration of key agreement protocols |
US20100211779A1 (en) * | 2009-02-17 | 2010-08-19 | Sundaram Ganapathy S | Identity Based Authenticated Key Agreement Protocol |
US20100306525A1 (en) * | 2009-05-28 | 2010-12-02 | Microsoft Corporation | Efficient distribution of computation in key agreement |
US20110055567A1 (en) * | 2009-08-28 | 2011-03-03 | Sundaram Ganapathy S | Secure Key Management in Multimedia Communication System |
Non-Patent Citations (3)
Title |
---|
Gupta, V., Gupta, S., Chang, S., Stebila, D., "Performance analysis of elliptic curve cryptography for SSL", WiSE '02 Proceedings of the 1st ACM workshop on Wireless security, 2002 Pages 87 - 94 [retrieved on 6.17.2012 on ACM database]. * |
Gura, N., Shantaz, C., Hans, E.,Gupta, S., Gupta, V., Finchelstein, D., Goupy, E., Stebila,D., "An End-to-End Systems Approach to Elliptic Curve Cryptography", Cryptographic Hardware and Embedded Systems - CHES 2002 Lecture Notes in Computer Science, 2003, Volume 2523/2003 [retrieved on 6.17.2012 from SpringerLink database]. * |
Yongliang, L., Gao, W., Yao, H., Yu, X., "Elliptic Curve Cryptography Based Wireless Authentication Protocol", national Journal of Network Security, Vol.5, No.3, PP.327-337, Nov. 2007 [retrieved on 6.17.2012 from Internet "http://ijns.femto.com.tw/contents/ijns-v5-n3/ijns-2007-v5-n3-p327-337.pdf"]. * |
Cited By (76)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11336425B1 (en) * | 2010-06-01 | 2022-05-17 | Ternarylogic Llc | Cryptographic machines characterized by a Finite Lab-Transform (FLT) |
US11093213B1 (en) * | 2010-12-29 | 2021-08-17 | Ternarylogic Llc | Cryptographic computer machines with novel switching devices |
US9042553B2 (en) * | 2011-03-03 | 2015-05-26 | Kabushiki Kaisha Toshiba | Communicating device and communicating method |
US20120224695A1 (en) * | 2011-03-03 | 2012-09-06 | Kabushiki Kaisha Toshiba | Communicating device and communicating method |
US20130073850A1 (en) * | 2011-09-16 | 2013-03-21 | Certicom Corp. | Hybrid encryption schemes |
US9172529B2 (en) * | 2011-09-16 | 2015-10-27 | Certicom Corp. | Hybrid encryption schemes |
US20150319164A1 (en) * | 2012-03-01 | 2015-11-05 | Certicom Corp. | System and method for connecting client devices to a network |
US9621545B2 (en) * | 2012-03-01 | 2017-04-11 | Certicom Corp. | System and method for connecting client devices to a network |
US11757864B1 (en) * | 2013-03-12 | 2023-09-12 | Cable Television Laboratories, Inc. | Certificate authentication |
US20140281525A1 (en) * | 2013-03-15 | 2014-09-18 | Microsoft Corporation | Minimal disclosure credential verification and revocation |
US9768962B2 (en) * | 2013-03-15 | 2017-09-19 | Microsoft Technology Licensing, Llc | Minimal disclosure credential verification and revocation |
US8745394B1 (en) | 2013-08-22 | 2014-06-03 | Citibank, N.A. | Methods and systems for secure electronic communication |
US11283603B2 (en) | 2013-09-10 | 2022-03-22 | Network-1 Technologies, Inc. | Set of servers for “machine-to-machine” communications using public key infrastructure |
US20150180653A1 (en) * | 2013-09-10 | 2015-06-25 | John A. Nix | Module for "Machine-to-Machine" Communications using Public Key Infrastructure |
US9350550B2 (en) | 2013-09-10 | 2016-05-24 | M2M And Iot Technologies, Llc | Power management and security for wireless modules in “machine-to-machine” communications |
US9319223B2 (en) | 2013-09-10 | 2016-04-19 | M2M And Iot Technologies, Llc | Key derivation for a module using an embedded universal integrated circuit card |
US9300473B2 (en) * | 2013-09-10 | 2016-03-29 | M2M And Iot Technologies, Llc | Module for “machine-to-machine” communications using public key infrastructure |
US9596078B2 (en) | 2013-09-10 | 2017-03-14 | M2M And Iot Technologies, Llc | Set of servers for “machine-to-machine” communications using public key infrastructure |
US9288059B2 (en) | 2013-09-10 | 2016-03-15 | M2M And Iot Technologies, Llc | Secure PKI communications for “machine-to-machine” modules, including key derivation by modules and authenticating public keys |
US9276740B2 (en) | 2013-09-10 | 2016-03-01 | M2M And Iot Technologies, Llc | Systems and methods for “machine-to-machine” (M2M) communications between modules, servers, and an application using public key infrastructure (PKI) |
US9641327B2 (en) | 2013-09-10 | 2017-05-02 | M2M And Iot Technologies, Llc | Systems and methods for “machine-to-machine” (M2M) communications between modules, servers, and an application using public key infrastructure (PKI) |
US9698981B2 (en) | 2013-09-10 | 2017-07-04 | M2M And Iot Technologies, Llc | Power management and security for wireless modules in “machine-to-machine” communications |
US9742562B2 (en) | 2013-09-10 | 2017-08-22 | M2M And Iot Technologies, Llc | Key derivation for a module using an embedded universal integrated circuit card |
US11606204B2 (en) | 2013-09-10 | 2023-03-14 | Network-1 Technologies, Inc. | Systems and methods for “machine-to-machine” (M2M) communications between modules, servers, and an application using public key infrastructure (PKI) |
US10652017B2 (en) | 2013-09-10 | 2020-05-12 | Network-1 Technologies, Inc. | Set of servers for “machine-to-machine” communications using public key infrastructure |
US9998281B2 (en) | 2013-09-10 | 2018-06-12 | Network-1 Technologies, Inc. | Set of servers for “machine-to-machine” communications using public key infrastructure |
US9998280B2 (en) | 2013-09-10 | 2018-06-12 | Network-1 Technologies, Inc. | Secure PKI communications for “machine-to-machine” modules, including key derivation by modules and authenticating public keys |
US10003461B2 (en) | 2013-09-10 | 2018-06-19 | Network-1 Technologies, Inc. | Power management and security for wireless modules in “machine-to-machine” communications |
US10057059B2 (en) | 2013-09-10 | 2018-08-21 | Network-1 Technologies, Inc. | Systems and methods for “machine-to-machine” (M2M) communications between modules, servers, and an application using public key infrastructure (PKI) |
US10530575B2 (en) | 2013-09-10 | 2020-01-07 | Network-1 Technologies, Inc. | Systems and methods for “machine-to-machine” (M2M) communications between modules, servers, and an application using public key infrastructure (PKI) |
US10523432B2 (en) | 2013-09-10 | 2019-12-31 | Network-1 Technologies, Inc. | Power management and security for wireless modules in “machine-to-machine” communications |
US10177911B2 (en) | 2013-09-10 | 2019-01-08 | Network-1 Technologies, Inc. | Secure PKI communications for “machine-to-machine” modules, including key derivation by modules and authenticating public keys |
US10187206B2 (en) | 2013-09-10 | 2019-01-22 | Network-1 Technologies, Inc. | Key derivation for a module using an embedded universal integrated circuit card |
US10250386B2 (en) | 2013-09-10 | 2019-04-02 | Network-1 Technologies, Inc. | Power management and security for wireless modules in “machine-to-machine” communications |
US10498530B2 (en) | 2013-09-27 | 2019-12-03 | Network-1 Technologies, Inc. | Secure PKI communications for “machine-to-machine” modules, including key derivation by modules and authenticating public keys |
US9961060B2 (en) | 2013-11-19 | 2018-05-01 | Network-1 Technologies, Inc. | Embedded universal integrated circuit card supporting two-factor authentication |
US9351162B2 (en) | 2013-11-19 | 2016-05-24 | M2M And Iot Technologies, Llc | Network supporting two-factor authentication for modules with embedded universal integrated circuit cards |
US10594679B2 (en) | 2013-11-19 | 2020-03-17 | Network-1 Technologies, Inc. | Network supporting two-factor authentication for modules with embedded universal integrated circuit cards |
US10362012B2 (en) | 2013-11-19 | 2019-07-23 | Network-1 Technologies, Inc. | Network supporting two-factor authentication for modules with embedded universal integrated circuit cards |
US11082218B2 (en) | 2013-11-19 | 2021-08-03 | Network-1 Technologies, Inc. | Key derivation for a module using an embedded universal integrated circuit card |
US10700856B2 (en) | 2013-11-19 | 2020-06-30 | Network-1 Technologies, Inc. | Key derivation for a module using an embedded universal integrated circuit card |
US11916893B2 (en) | 2013-12-06 | 2024-02-27 | Network-1 Technologies, Inc. | Embedded universal integrated circuit card supporting two-factor authentication |
US10382422B2 (en) | 2013-12-06 | 2019-08-13 | Network-1 Technologies, Inc. | Embedded universal integrated circuit card supporting two-factor authentication |
US10084768B2 (en) | 2013-12-06 | 2018-09-25 | Network-1 Technologies, Inc. | Embedded universal integrated circuit card supporting two-factor authentication |
US11233780B2 (en) | 2013-12-06 | 2022-01-25 | Network-1 Technologies, Inc. | Embedded universal integrated circuit card supporting two-factor authentication |
CN104378374A (en) * | 2014-11-14 | 2015-02-25 | 国家超级计算深圳中心(深圳云计算中心) | SSL-based method and system for establishing communication |
US10484376B1 (en) | 2015-01-26 | 2019-11-19 | Winklevoss Ip, Llc | Authenticating a user device associated with a user to communicate via a wireless network in a secure web-based environment |
US10778682B1 (en) | 2015-01-26 | 2020-09-15 | Winklevoss Ip, Llc | Authenticating a user device associated with a user to communicate via a wireless network in a secure web-based environment |
US11283797B2 (en) | 2015-01-26 | 2022-03-22 | Gemini Ip, Llc | Authenticating a user device associated with a user to communicate via a wireless network in a secure web-based environment |
US9635003B1 (en) * | 2015-04-21 | 2017-04-25 | The United States Of America As Represented By The Director, National Security Agency | Method of validating a private-public key pair |
WO2017014614A1 (en) * | 2015-07-23 | 2017-01-26 | 주식회사 투아이피 | Method for operating communication client of iot device, and iot device including communication client |
US20230125560A1 (en) * | 2015-12-20 | 2023-04-27 | Peter Lablans | Cryptographic Computer Machines with Novel Switching Devices |
US20230224157A1 (en) * | 2016-05-03 | 2023-07-13 | Blackberry Limited | Method and system for cheon resistant static diffie-hellman security |
US20220345308A1 (en) * | 2016-05-03 | 2022-10-27 | Blackberry Limited | Method and system for cheon resistant static diffie-hellman security |
US11616648B2 (en) * | 2016-05-03 | 2023-03-28 | Blackberry Limited | Method and system for Cheon resistant static Diffie-Hellman security |
US11902440B2 (en) * | 2016-05-03 | 2024-02-13 | Malikie Innovations Limited | Method and system for Cheon resistant static Diffie-Hellman security |
CN109074759A (en) * | 2016-05-03 | 2018-12-21 | 塞帝通公司 | The method and system of static DIFFIE-HELLMAN safety for Cheon resistance |
US11424924B2 (en) | 2016-05-03 | 2022-08-23 | Blackberry Limited | Method and system for Cheon resistant static Diffie-Hellman security |
CN106385593A (en) * | 2016-09-14 | 2017-02-08 | 武汉斗鱼网络科技有限公司 | Method and system for counting number of persons watching live broadcast simultaneously based on elliptical curve algorithm |
US11070367B2 (en) * | 2017-02-15 | 2021-07-20 | Koninklijke Philips N.V. | Key exchange devices and methods |
US11652608B2 (en) | 2017-10-09 | 2023-05-16 | Ixup Ip Pty Ltd | System and method to protect sensitive information via distributed trust |
US10903980B2 (en) | 2017-10-09 | 2021-01-26 | Data Republic Pty Ltd | System and method to protect sensitive information via distributed trust |
WO2019074921A1 (en) * | 2017-10-09 | 2019-04-18 | Data Republic Pty Ltd | System and method to protect sensitive information via distributed trust |
CN110768938A (en) * | 2018-07-27 | 2020-02-07 | 上海汽车集团股份有限公司 | Vehicle safety communication method and device |
US20220376904A1 (en) * | 2018-11-20 | 2022-11-24 | Iot And M2M Technologies, Llc | Mutually Authenticated ECDHE Key Exchange for a Device and a Network Using Multiple PKI Key Pairs |
US11438176B2 (en) * | 2018-11-20 | 2022-09-06 | lOT AND M2M TECHNOLOGIES, LLC | Mutually authenticated ECDHE key exchange for a device and a network using multiple PKI key pairs |
US11849048B2 (en) * | 2018-11-20 | 2023-12-19 | Iot And M2M Technologies, Llc | Mutually authenticated ECDHE key exchange for a device and a network using multiple PKI key pairs |
CN111600704A (en) * | 2020-05-12 | 2020-08-28 | 北京海益同展信息科技有限公司 | SM 2-based key exchange method, system, electronic device and storage medium |
CN114070550A (en) * | 2020-07-31 | 2022-02-18 | 马上消费金融股份有限公司 | Information processing method, device, equipment and storage medium |
CN114124423A (en) * | 2020-08-31 | 2022-03-01 | Oppo广东移动通信有限公司 | Authentication method, client, server and storage medium |
CN112003698A (en) * | 2020-09-07 | 2020-11-27 | 北京三未信安科技发展有限公司 | SM9 collaborative digital signature method and system |
CN111931249A (en) * | 2020-09-22 | 2020-11-13 | 西南石油大学 | Medical secret data statistical analysis method supporting transmission fault-tolerant mechanism |
CN113079508A (en) * | 2021-04-06 | 2021-07-06 | 中国工商银行股份有限公司 | Data transmission method, device and equipment based on block chain network |
CN113572603A (en) * | 2021-07-21 | 2021-10-29 | 淮阴工学院 | Heterogeneous user authentication and key agreement method |
US20230231712A1 (en) * | 2022-01-14 | 2023-07-20 | Micron Technology, Inc. | Embedded tls protocol for lightweight devices |
CN114785528A (en) * | 2022-06-20 | 2022-07-22 | 深圳市乐凡信息科技有限公司 | Data transmission encryption method, system, equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
JP2016036166A (en) | 2016-03-17 |
EP2334008A1 (en) | 2011-06-15 |
JP2017063432A (en) | 2017-03-30 |
CN102098157A (en) | 2011-06-15 |
CN102098157B (en) | 2016-05-18 |
US8670563B2 (en) | 2014-03-11 |
HK1159349A1 (en) | 2012-07-27 |
JP2011125020A (en) | 2011-06-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8670563B2 (en) | System and method for designing secure client-server communication protocols based on certificateless public key infrastructure | |
US20220224551A1 (en) | Mutual authentication of confidential communication | |
US7814320B2 (en) | Cryptographic authentication, and/or establishment of shared cryptographic keys, using a signing key encrypted with a non-one-time-pad encryption, including (but not limited to) techniques with improved security against malleability attacks | |
JP4527358B2 (en) | An authenticated individual cryptographic system that does not use key escrow | |
Ngo et al. | Dynamic Key Cryptography and Applications. | |
WO2017147503A1 (en) | Techniques for confidential delivery of random data over a network | |
CN110020524B (en) | Bidirectional authentication method based on smart card | |
US20230188325A1 (en) | Computer-implemented system and method for highly secure, high speed encryption and transmission of data | |
US20210152370A1 (en) | Digital signature method, device, and system | |
CN110535626B (en) | Secret communication method and system for identity-based quantum communication service station | |
US11528127B2 (en) | Computer-implemented system and method for highly secure, high speed encryption and transmission of data | |
Daddala et al. | Design and implementation of a customized encryption algorithm for authentication and secure communication between devices | |
Purevjav et al. | Email encryption using hybrid cryptosystem based on Android | |
KR101793528B1 (en) | Certificateless public key encryption system and receiving terminal | |
Surya et al. | Single sign on mechanism using attribute based encryption in distributed computer networks | |
Zhen et al. | Optimized Key Agreement Protocol Based on Chaotic | |
Rizvi et al. | EXPLORING MODERN CRYPTOGRAPHY: A COMPREHENSIVE GUIDE TO TECHNIQUES AND APPLICATIONS. | |
Halder et al. | Information Security Using Key Management | |
Abbas et al. | A cryptographic authentication technique | |
CN110572788A (en) | Wireless sensor communication method and system based on asymmetric key pool and implicit certificate | |
Blomqvist | Kleptography--Overview and a new proof of concept |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: TATA CONSULTANCY SERVICES LIMITED, INDIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:VIJAYARANGAN, NATARAJAN;REEL/FRAME:025993/0698 Effective date: 20110208 |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
FPAY | Fee payment |
Year of fee payment: 4 |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 8 |